Date: Thu, 16 Aug 2012 13:08:44 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: aris@ruivo.org
Cc: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
        Tejun Heo <tj@kernel.org>, Li Zefan <lizefan@huawei.com>
Subject: Re: [PATCH RESEND 0/4] device_cgroup: replace internally whitelist
 with exception list
Message-Id: <20120816130844.6f26530d.akpm@linux-foundation.org>
In-Reply-To: <20120809190414.773462171@muttley.lan.cathedral>
References: <20120809190414.773462171@muttley.lan.cathedral>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1184
Lines: 24

On Thu, 09 Aug 2012 15:04:14 -0400
aris@ruivo.org wrote:

> The original model of device_cgroup is having a whitelist where all the
> allowed devices are listed. The problem with this approach is that is
> impossible to have the case of allowing everything but few devices.
> 
> The reason for that lies in the way the whitelist is handled internally:
> since there's only a whitelist, the "all devices" entry would have to be
> removed and replaced by the entire list of possible devices but the ones
> that are being denied.  Since dev_t is 32 bits long, representing the allowed
> devices as a bitfield is not memory efficient.
> 
> This patch replaces the "whitelist" by a "exceptions" list and the default
> policy is kept as "deny_all" variable in dev_cgroup structure.

The patches look reasonable to me.  I suggest you resend them after
kernel summit and cc a few additional people: Serge Hallyn, Pavel
Emelyanov and James Morris.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/